Excessive query by open DNS

Alan Zoysa alanzoysa at gmail.com
Wed Oct 8 08:43:04 UTC 2008


Hello Raul,

DNS is a kind of social structure/setup. Better behave responsibly, as
long as one can. Unless you exhaust all other corrective options, do
not return modified/altered answers. First, you have opted to keep
your DNS open and recursive. So, rethink this if the incoming
traffic is costing you in any way. In Debian GNU/Linux there is a
utility called dnstop; using this utility one can see the top
requesters of your DNS. If you deem some of them are hogging your DNS,
think of putting them in a "blackhole":

in /etc/bind/named.conf.options

acl blacklist { IP/network; };

options {
 ...
 blackhole { blacklist; };
 ...
};

restart named.

regards,
Alan.
On Wed, Oct 8, 2008 at 2:51 PM, Raul Lopez Nevot <r.nevot at gmail.com> wrote:
>>
>> Why not return 127.0.0.1 for everything?
>>
> Think it's a good idea, and return it with very very high TTL. All DNSs
> caching these values will help you to avoid this traffic.



-- 

best regards,
Alan.
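The procedure Alan describes (find the top requesters, then list them in an acl and point blackhole at it) can be scripted against the resolver's own query log instead of watching dnstop interactively. The script below is an added example, not code from the post, from BIND or from dnstop; it assumes BIND 9 query logging (category "queries") is on, the log lines are constructed for the example, and the threshold of 50% of all queries is an arbitrary illustration. It renders exactly the "acl blacklist { ...; };" fragment shown in the post.

```python
"""Rank the clients hammering a resolver and emit a BIND blackhole ACL.

Added example (not from the mailing-list post, BIND or dnstop).  The post
suggests dnstop to find the top requesters and then listing them in
"acl blacklist { ...; };" with "blackhole { blacklist; };" in
named.conf.options.  This script derives the same ranking from BIND 9's own
query log and renders that acl fragment.  Sample log lines are constructed.
"""
import ipaddress
import re
from collections import Counter

# "client <ip>#<port>" as BIND 9 writes it in query-log lines.  Both the older
# "client 203.0.113.7#53211:" form and the newer form carrying a pointer and
# the query name, "client @0x7f... 203.0.113.7#53211 (www.example.com):", match.
CLIENT_RE = re.compile(r"client (?:@0x[0-9a-fA-F]+ )?([0-9a-fA-F.:]+)#\d+")

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = [
    "08-Oct-2008 08:40:01.001 client 203.0.113.7#53211: query: www.example.com IN A + (192.0.2.1)",
    "08-Oct-2008 08:40:01.002 client 203.0.113.7#53211: query: www.example.com IN A + (192.0.2.1)",
    "08-Oct-2008 08:40:01.003 client 203.0.113.7#53212: query: mail.example.com IN MX + (192.0.2.1)",
    "08-Oct-2008 08:40:01.004 client 203.0.113.7#53213: query: example.com IN ANY + (192.0.2.1)",
    "08-Oct-2008 08:40:01.005 client 203.0.113.7#53214: query: example.com IN ANY + (192.0.2.1)",
    "08-Oct-2008 08:40:01.006 client 203.0.113.7#53215: query: example.com IN ANY + (192.0.2.1)",
    "08-Oct-2008 08:40:02.001 client 203.0.113.9#40001: query: example.org IN A + (192.0.2.1)",
    "08-Oct-2008 08:40:02.002 client 203.0.113.9#40002: query: example.org IN A + (192.0.2.1)",
    "08-Oct-2008 08:40:03.001 client 192.0.2.10#51000: query: www.example.net IN A + (192.0.2.1)",
    "08-Oct-2008 08:40:04.001 client @0x7f3e2c0a1a10 2001:db8::1#40212 (example.net): query: example.net IN AAAA +E(0)K (192.0.2.1)",
    "08-Oct-2008 08:40:05.001 general: info: resolver priming query complete",
]


def parse_query_log(lines):
    """Count queries per client address; lines without a client field are skipped."""
    counts = Counter()
    for line in lines:
        m = CLIENT_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def group_by_network(counts, v4_prefix=24, v6_prefix=64):
    """Fold per-address counts into per-prefix counts (keys are CIDR strings)."""
    nets = Counter()
    for ip, n in counts.items():
        addr = ipaddress.ip_address(ip)
        prefix = v4_prefix if addr.version == 4 else v6_prefix
        nets[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += n
    return nets


def heavy_hitters(counts, min_share):
    """Return [(key, count), ...] for keys holding at least min_share of all queries, descending."""
    total = sum(counts.values())
    if total == 0:
        return []
    return [(k, n) for k, n in counts.most_common() if n / total >= min_share]


def render_blacklist_acl(entries):
    """Render the acl in the form the post uses for named.conf.options."""
    body = " ".join(f"{e};" for e in entries)
    return f"acl blacklist {{ {body} }};"


def suggest_blackhole(lines, min_share=0.5, by_network=False):
    """End-to-end: log lines -> acl fragment for the heaviest requesters."""
    counts = parse_query_log(lines)
    if by_network:
        counts = group_by_network(counts)
    return render_blacklist_acl(k for k, _ in heavy_hitters(counts, min_share))


if __name__ == "__main__":
    for key, n in heavy_hitters(parse_query_log(SAMPLE_LOG), 0.0):
        print(f"{n:6d}  {key}")
    print(suggest_blackhole(SAMPLE_LOG, by_network=True))
```

Review the list before pasting it into named.conf.options: blackhole makes named ignore queries from those addresses and also refuse to send queries to them, so a forwarder, a secondary or an authoritative server you depend on must never end up in the acl. A top talker that only looks heavy because it sits behind a NAT or a busy site should be aggregated by prefix (by_network=True) and judged on the whole network, which is also why the post says "IP/network".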